Here's the named.conf file from my name server. It's pretty basic, and
creates a view for internal use, and external. It hosts internal DNS for
local machines that's used on two internal networks, and external DNS
for our hosted domains, recursive lookups from our public IP block, etc.

// {{{ options
options
{
    // Make named use port 53 for the source of all queries, to allow
    // firewalls to block all ports except 53:
    //
    query-source port 53;
    query-source-v6 port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named";
    dump-file "stats/cache_dump.db";
    statistics-file "stats/named_stats.txt";
    memstatistics-file "stats/named_mem_stats.txt";

    // by default, don't allow any transfers
    allow-transfer { "none"; };
};
// }}}

// {{{ logging
logging
{
    // If you want to enable debugging, eg. using the 'rndc trace' command,
    // named will try to write the 'named.run' file in the $directory (/var/named).
    // By default, SELinux policy does not allow named to modify the /var/named directory,
    // so put the default debug log file in data/ :
    channel default_debug {
        file "stats/named.run";
        severity debug;
    };
    category lame-servers { null; };
};
// }}}

// {{{ internal
view "internal"
{
    // This view will contain zones you want to serve only to "internal" clients
    // that connect via your directly attached LAN interfaces - "localnets" .
    match-clients { 192.168.0.0/24; localhost; 10.8.0.0/24; };
    match-destinations { 192.168.0.0/24; localhost; 10.8.0.0/24; };

    // allow recursive lookups (zones that we don't host)
    allow-recursion { 192.168.0.0/24; localhost; 10.8.0.0/24; };

    // allow our non-primary name servers to get zone data
    allow-transfer { 192.168.0.2; };

    // all views must contain the root hints zone:
    include "/etc/named.domains.root";

    // include the domains that we serve
    include "/etc/named.domains.internal";
};
// }}}

// {{{ external
view "external"
{
    // This view will contain zones you want to serve only to "external" clients
    // that have addresses that are not on your directly attached LAN interface subnets:

    // allow recursion from within our subnet
    allow-recursion { 24.222.7.0/24; };

    // allow our non-primary name servers to get zone data
    allow-transfer { 24.222.7.2; 24.222.7.40; };

    // all views must contain the root hints zone:
    include "/etc/named.domains.root";

    // include the domains that we serve
    include "/etc/named.domains.external";
};
// }}}

On 22/09/11 05:24 AM, Niall O'Reilly wrote:
> On 22/09/11 01:02, Keith Burgoyne wrote:
>> Any advice would be massively appreciated.
>
> The +trace operation which you say is failing for you
> works from my network -- at home, where I have to use NAT.
>
> It looks as if either your network or the nameserver you're
> using (according to your message, at 24.222.7.12) is
> misconfigured.
>
> If you're prepared to share your nameserver configuration
> on the list, you may find that some people are minded to
> give advice.
>
> If the problem lies in your network, you'll need to do
> some packet capture to find out what's not happening.
>
> Best regards,
> Niall O'Reilly
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
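
An added example, not part of the original post: a simplified Python model of how BIND picks a view for a query under the configuration above (first view whose match-clients and match-destinations both match, then allow-recursion is checked against the client address). The server address list is an assumption: 24.222.7.12 is the address mentioned in the thread, while 127.0.0.1 and 192.168.0.1 are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumption: addresses bound on the name server. 24.222.7.12 is the one named
# in the thread; 127.0.0.1 and 192.168.0.1 are constructed for this example.
SERVER_ADDRS = {ip_address(a) for a in ("127.0.0.1", "192.168.0.1", "24.222.7.12")}

# Address match list shared by the three statements in the "internal" view.
INTERNAL = ["192.168.0.0/24", "localhost", "10.8.0.0/24"]

# Views in file order; a view with no match-* statement matches "any".
VIEWS = [
    {"name": "internal", "match_clients": INTERNAL,
     "match_destinations": INTERNAL, "allow_recursion": INTERNAL},
    {"name": "external", "match_clients": ["any"],
     "match_destinations": ["any"], "allow_recursion": ["24.222.7.0/24"]},
]


def acl_matches(acl, addr):
    """True if addr matches any element of a simplified address match list."""
    ip = ip_address(addr)
    for element in acl:
        if element == "any":
            return True
        if element == "localhost":
            # Built-in ACL: every address configured on the server itself.
            if ip in SERVER_ADDRS:
                return True
        elif ip in ip_network(element):
            return True
    return False


def select_view(src, dst):
    """First view whose match-clients and match-destinations both match."""
    for view in VIEWS:
        if (acl_matches(view["match_clients"], src)
                and acl_matches(view["match_destinations"], dst)):
            return view
    return None


def classify(src, dst):
    """Return (view name, recursion allowed) for a query from src to dst."""
    view = select_view(src, dst)
    if view is None:
        return (None, False)
    return (view["name"], acl_matches(view["allow_recursion"], src))
```

Because `localhost` appears in both match lists, a query issued on the name server itself lands in the internal view even when it is sent to the public address, so a test run there does not exercise what external clients see.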